Federal Sector – Page 5 – AFERM Resource Library

Getting Ahead of Risks Before They Become Government Failures

An Imperative for Agency Leaders to Embrace Enterprise Risk Management

Several recent reports and studies have detailed a range of worsening trends and developments that are creating an increased risk for significant government failure. Many of the reports offer recommendations for action by Congress and the Administration. However, they do not go as far to suggest and recognize what agency leaders can do, and in many cases are doing, to help address these challenges. This paper, from the Senior Executives Association (SEA) and the Association for Federal Enterprise Risk Management (AFERM), aims to highlight how agency leaders can use enterprise risk management to reduce the risk of government failure while increasing the likelihood for the successful delivery of agency missions.

Download the Paper

Summary of April 2018 ERM Workshop: Beyond Compliance, Driving Organizational Value

On April 16, 2018, the Association of Government Accountants (AGA) and the Association for Federal Enterprise Risk Management (AFERM) held the second annual enterprise risk management (ERM) workshop with federal government professionals. This workshop provided an opportunity for over 150 professionals to hear ERM thought leadership from senior government leaders and discuss with their colleagues how ERM can, and is, driving organizational value and enhancing performance. This summary report shares the information discussed during this workshop.

Download the Summary PDF

Techniques, Templates, and Toolkits in a Flash! – 2018

In this 2018 Summit presentation… Technology, tools, and templates should be seen as accelerators for a sound Enterprise Risk Management (ERM) framework, not a substitute. As with most other aspects of ERM implementation, the tools and templates developed and deployed by an ERM program should follow a maturity model approach and be customized to an organization.

Tool or templates are only as good as the information input and how effectively their outputs put the right information in front of the right people at the right time. During this session, attendees learned how federal ERM programs have developed and deployed tools to support their programs’ maturation. Organizations beginning their ERM journeys can learn what tools provided the greatest value to the ERM program and organizational leadership from the initial stages of ERM implementation. While organizations with mature ERM programs can hear how tools continue to support organizations in making risk-informed decisions.

Speakers: Doug Clift, Census Bureau; Greg Keith, Ginnie Mae; Jason Leecost, Ginnie Mae; Debra Elkins, HHS
Download

Effective Integration of ERM and Internal Control – 2018

In this 2018 Summit presentation… OMB Circular A-123 requires Federal agencies to integrate their ERM and internal controls activities. In this session, the Enterprise Risk Management Officer and Director of Internal Controls for the National Institute of Standards and Technology (NIST) shared their experiences and the progress they’ve made toward this goal. The speakers described NIST’s ERM-Internal Controls Integration Framework, NIST’s new Audit Subcommittee, and lessons learned.

Speakers: Nahla Ivy, NIST; April Szuchyt, NIST
Download

Check What Box? Increasing ERM Motivation through Non-Compliance Focused Techniques – 2018

In this 2018 Summit presentation… Embedding ERM into existing business processes improves acceptance, creates efficiencies, and reduces pushback. This session discusses how to integrate ERM into normal business.

Speakers: Rendell Jones, NCUA; Eugene Schied, NCUA
Download

Leveraging Technology to Enhance Your Agency’s ERM Capabilities – 2018

In this 2018 Summit presentation… Technology cannot provide an out of the box ERM program, but it can definitely facilitate the process. This session discussed how using technology can jump start your ERM program capabilities, and how these platforms are creating innovative solutions to challenges your ERM program may face through maturity such as risk identification, collection, collaboration, and prioritization.

Speakers: W. Curtis McNeil, AOC; LaTaiga Proctor, Census Bureau
Download

Integrating ERM with Strategic Planning and Strategic Objective Annual Reviews – 2018

In this 2018 Summit presentation… The success of ERM in federal agencies relies on the integration of strategy and risk management principles. In this session, participants learned how Treasury incorporates these principles into the strategic planning process at the department level and the bureau level.

Speakers:Karen Weber, DOTR; Montrice Yakimov, BFS; Elisabeth C. Kann, ATT&TB
Download

Applying ERM Principles to Functional Divisions: A Federal Grants Risk Management Case Study – 2018

In this 2018 Summit presentation… Today, buzz words like “enterprise risk management” (ERM) and “accountability” abound in the public and private sectors. But how do they really work operationally? Faced with an $11 billion budget for grant programs but finite internal resources to manage them, the Health Resources and Services Administration (HRSA) sought a way to use risk management to improve accountability and oversight of grants. Seeking a risk-based, data driven approach to strategic decisions, HRSA embarked on a one-of-a-kind assessment of current risks and related risk management practices, and the development of risk tools for decision makers.

This presentation provides a case study for operationalizing risk management in the grants world, and more generally at the sub-agency level. Those seeking to integrate risk management into their operations heard about project challenges and successes, key risk findings and recommendations, and considerations when taking on such a project. During the presentation, the speakers:

Explained the context within which HRSA determined to launch such an ambitious study, and the questions faced in developing the project;
Briefly walked through the tools developed to document and assess key risks and opportunities;
Described the findings of the study and how ERM principles were applied; and
Discussed the challenges and limitations faced with a risk management study of this kind.

Speakers: Lori Giblin, CNCS; Suzanne Auerbach, HRSA
Download

Shaping the Future Cybersecurity Risk in the Public Sector: A CIO Perspective – 2018

In this 2018 Summit presentation… CIO’s lessons learned in leveraging ERM to mitigate cybersecurity risks, including:

Innovative approaches for staying ahead of emerging risks
Motivating a risk culture that promotes transparency
Integrating risk monitoring with other entities (OIG, OMB, DHS, Board of Directors, others)
Best practices for addressing (and mitigating) reputational risks

Speaker: Howard Whyte, Chief Information Officer (CIO) and Chief Privacy Officer (CPO), FDIC
Download

Cyber Risk and the Chief Risk Officer: What CROs Need to Know About the New NIST Risk Management Framework – 2018

In this 2018 Summit presentation… NIST is doing a major upgrade to one of its flagship security guidelines, Special Publication 800-37, the Risk Management Framework (RMF). The updated RMF 2.0, to be published this Fall, will provide many new features for Cyber Risk Officers and Enterprise Risk Management (ERM) programs. In addition to managing security risk, the RMF 2.0 will also address privacy and supply chain risks and the alignment with key constructs in the Cybersecurity Framework (CSF) as part of a comprehensive and unified ERM approach.

Speaker: Ron Ross, NIST
Download